AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2026-03-25 · Documentation medium

File: managedservices/latest/userguide/ams-sec-stand-controls.md

Summary

Modified security control 6.11 to allow cross-account policies with write access to third-party accounts if risk acceptance is obtained.

Security assessment

This change updates a security control by introducing a formal exception process (risk acceptance) for a previously prohibited configuration. It adds to security documentation by defining a governance process, but does not indicate a fix for a specific security vulnerability.

Diff

diff --git a/managedservices/latest/userguide/ams-sec-stand-controls.md b/managedservices/latest/userguide/ams-sec-stand-controls.md
index 07c4d707b..849c50a2d 100644
--- a//managedservices/latest/userguide/ams-sec-stand-controls.md
+++ b//managedservices/latest/userguide/ams-sec-stand-controls.md
@@ -177 +177 @@ ID | Technical standard
-6.11 | Cross-account policies to access any S3 bucket data or resources where data can be stored (such as Amazon RDS, Amazon DynamoDB, or Amazon Redshift) in a third-party account from an AMS account with write access must not be configured.  
+6.11 | Cross-account policies to access any S3 bucket data or resources where data can be stored (such as Amazon RDS, Amazon DynamoDB, or Amazon Redshift) in a third-party account from an AMS account with write access must not be configured without risk acceptance.